Background: 4 Windows Server 2016 domain controllers at 4 different sites. The sites are connected by S2S IPsec connections. One site moved and the server at that site broke down, so we had to restore the server to a new Hyper-V instance. Everything went fine and all looks 100% again... However:

Problem: When running AD sync on this restored AD, I get RPC Server Not Available errors for all servers, and sometimes the status changes to Error 172: Network Error. I have checked all services required for AD, as well as all network protocols, and did port testing too; everything checks out.

I am not sure what could be causing this - does anyone have any ideas?

  • `did port testing` what ports? – Greg Askew Aug 04 '23 at 12:11
  • 135 and 53 on all servers. – Francois Botha Aug 04 '23 at 13:16
  • RPC requires ports tcp/135 and tcp/49152 through tcp/65535. You need to ensure *all* of those ports are opened, and perform a netmon packet capture to confirm what port(s) are being attempted to what addresses. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang – Greg Askew Aug 04 '23 at 13:49
  • Thank you, Greg. I will check that now and test if this is causing the problem. The DC did replicate fine before the restore, but this is a good suggestion and I will report back on the outcome. I appreciate your input. – Francois Botha Aug 04 '23 at 13:52
  • I have tested this with the selected ports open, but unfortunately, I still get the error. 2x of the servers fail 5/15 sync services. – Francois Botha Aug 07 '23 at 05:13
  • What does the netmon capture show? – Greg Askew Aug 07 '23 at 11:57
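The port checks Greg Askew asks for, written out as an added PowerShell example (not code from anyone in the thread). It runs on one DC and, for every other DC, tests tcp/135 (the endpoint mapper), reads the partner's configured dynamic port range, finds the high ports that lsass (the NTDS service) is actually listening on and tests those, and finishes with a real RPC bind via repadmin. It assumes an elevated session as a domain admin on a DC, the RSAT ActiveDirectory module, and that WinRM (tcp/5985) to the partner DCs is allowed for the Invoke-Command step; the function names are my own.

```powershell
# Added example, not code from the original thread.
# Assumptions: run elevated on a DC as a domain admin; ActiveDirectory module present;
# WinRM to the partner DCs is allowed (used only to read the partner's port setup).
Import-Module ActiveDirectory

function Get-PartnerRpcInfo {
    # Runs on the partner: its dynamic TCP port range and the ports lsass listens on.
    param([string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
        $txt   = netsh int ipv4 show dynamicport tcp | Out-String
        $start = [int]([regex]::Match($txt, 'Start Port\s*:\s*(\d+)').Groups[1].Value)
        $count = [int]([regex]::Match($txt, 'Number of Ports\s*:\s*(\d+)').Groups[1].Value)
        $lsass = (Get-Process -Name lsass).Id
        $ports = Get-NetTCPConnection -State Listen -OwningProcess $lsass |
                 Select-Object -ExpandProperty LocalPort -Unique | Sort-Object
        # If an admin pinned the NTDS RPC port (HKLM\...\NTDS\Parameters, "TCP/IP Port"),
        # it sits outside the dynamic range and must be opened as well.
        $fixed = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                  -ErrorAction SilentlyContinue).'TCP/IP Port'
        [pscustomobject]@{
            RangeStart    = $start
            RangeEnd      = $start + $count - 1
            LsassPorts    = @($ports)
            FixedNtdsPort = $fixed
        }
    }
}

function Test-DcRpcPath {
    param([string]$Target)
    $r = [ordered]@{ Target = $Target }

    # 1. Endpoint mapper: every DCE/RPC call to the partner starts with tcp/135.
    $r.Epm135 = (Test-NetConnection $Target -Port 135 -WarningAction SilentlyContinue).TcpTestSucceeded

    # 2. The high port the EPM will hand back, and whether this DC can reach it.
    try {
        $info = Get-PartnerRpcInfo -ComputerName $Target
        $r.DynamicRange  = "$($info.RangeStart)-$($info.RangeEnd)"
        $r.FixedNtdsPort = $info.FixedNtdsPort
        $high = $info.LsassPorts | Where-Object {
            $_ -ge $info.RangeStart -or ($info.FixedNtdsPort -and $_ -eq $info.FixedNtdsPort)
        }
        $r.HighPortsOpen    = @()
        $r.HighPortsBlocked = @()
        foreach ($p in $high) {
            $ok = (Test-NetConnection $Target -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
            if ($ok) { $r.HighPortsOpen += $p } else { $r.HighPortsBlocked += $p }
        }
    } catch {
        # WinRM blocked or partner down: report it rather than abort the whole run.
        $r.DynamicRange = "unknown (WinRM failed: $($_.Exception.Message))"
    }

    # 3. A real RPC bind to the directory service, which is what replication does.
    $bind = repadmin /bind $Target 2>&1 | Out-String
    $r.RepadminBind = if ($LASTEXITCODE -eq 0) { 'ok' } else { 'FAILED: ' + $bind.Trim() }

    [pscustomobject]$r
}

Get-ADDomainController -Filter * |
    Where-Object { $_.Name -ne $env:COMPUTERNAME } |
    ForEach-Object { Test-DcRpcPath -Target $_.HostName } |
    Format-List
```

Because `repadmin /replsummary` reports 1722 for both the source and the destination side, run this on the restored DC and again on each partner that shows the error: a site-to-site tunnel or firewall can pass tcp/135 in one direction and still drop the SYN to the dynamic port in the other. A packet capture filtered on tcp.port == 135 followed by the SYN to the high port the EPM returned shows the same thing on the wire.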

1 Answer

Update: The problem is sort of fixed. I rechecked the NTDS entries for each server and made sure that all other servers are listed. I then re-ran the sync manually from the primary AD and all passed for all servers!

I do, however, get the following status in 'repadmin /replsummary' for two of the servers (even though the sync was successful on all items):

Source:

       Source DSA       largest delta    fails/total %%   error
       1                10m:25s    0 /  15    0
       2                52m:41s    0 /  15    0
       3            21h:56m:09s    5 /  15   33  (1722) The RPC server is unavailable.
       5            21h:54m:08s    5 /  15   33  (1722) The RPC server is unavailable.

Destination:

       Destination DSA  largest delta    fails/total %%   error
       1                14m:24s    0 /  15    0
       2                09m:02s    0 /  15    0
       3            21h:54m:14s    5 /  15   33  (1722) The RPC server is unavailable.
       5            21h:56m:20s    5 /  15   33  (1722) The RPC server is unavailable.
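An added PowerShell check (not part of the answer above) for the three things this answer touches: the NTDS Settings connection objects, the per-partner replication result behind the 1722 lines in `/replsummary`, and, because this DC came back from a restore, whether any DC has logged a USN rollback or unsupported-restore event. It assumes the ActiveDirectory module and a domain admin session; the helper name is my own.

```powershell
# Added example, not code from the original thread.
# Assumptions: ActiveDirectory module present; run as a domain admin from any DC.
Import-Module ActiveDirectory

function ConvertFrom-NtdsDn {
    # "CN=NTDS Settings,CN=DC3,CN=Servers,CN=Site,..." -> "DC3"
    param([string]$Dn)
    ($Dn -split ',')[1] -replace '^CN=', ''
}

$dcs   = Get-ADDomainController -Filter * | Sort-Object Name
$names = $dcs | ForEach-Object { $_.Name }

# 1. Connection objects ("NTDS entries"): who does each DC pull from, and does every
#    source named there still exist? A connection pointing at a DC that is gone, or a
#    DC with no inbound connection at all, leaves a partner permanently unreachable.
"--- inbound connection objects ---"
$conns = Get-ADReplicationConnection -Filter *
foreach ($dc in $dcs) {
    $from  = $conns |
             Where-Object { (ConvertFrom-NtdsDn $_.ReplicateToDirectoryServer) -eq $dc.Name } |
             ForEach-Object { ConvertFrom-NtdsDn $_.ReplicateFromDirectoryServer }
    $stale = $from | Where-Object { $_ -notin $names }
    $note  = if (-not $from) { '   NONE' } elseif ($stale) { "   STALE: $($stale -join ', ')" } else { '' }
    "{0,-12} <- {1}{2}" -f $dc.Name, ($from -join ', '), $note
}

# 2. Last inbound result per partner and partition, as each DC sees it. This is the
#    per-row detail behind the fails/total and error columns of /replsummary.
"--- inbound replication status ---"
foreach ($dc in $dcs) {
    $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound -Partition * `
            -ErrorAction SilentlyContinue
    if (-not $meta) { "{0,-12} could not be queried" -f $dc.Name; continue }
    foreach ($m in $meta) {
        $status = switch ($m.LastReplicationResult) {
            0       { 'ok' }
            1722    { 'RPC server unavailable (1722)' }
            default { "error $($m.LastReplicationResult)" }
        }
        "{0,-12} <- {1,-12} {2,-45} lastOK {3:u}  fails={4}  {5}" -f $dc.Name,
            (ConvertFrom-NtdsDn $m.Partner), $m.Partition, $m.LastReplicationSuccess,
            $m.ConsecutiveReplicationFailures, $status
    }
}

# 3. A DC restored from a backup or VM image: event 2095 (USN rollback detected) or
#    2103 (replication disabled after an unsupported restore) in the Directory Service
#    log means the DC must be demoted/restored again, not firewalled harder.
"--- restore sanity (events 2095/2103) ---"
foreach ($dc in $dcs) {
    $ev = Get-WinEvent -ComputerName $dc.HostName -MaxEvents 5 -ErrorAction SilentlyContinue `
          -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095, 2103 }
    if ($ev) {
        "{0,-12} WARNING: {1} event(s), first at {2:u}" -f $dc.Name, $ev.Count,
            ($ev | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
    } else {
        "{0,-12} none" -f $dc.Name
    }
}
```

The interesting rows are the ones where `lastOK` is hours old while `fails` keeps climbing, as it is for servers 3 and 5 above: a manual sync that "passes" from the primary DC does not clear a scheduled inbound attempt that still cannot bind over RPC, so watch the consecutive failure count after the next replication interval rather than the one-off result.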